I am starting a travel/tours business and am creating my own booking form I am a reseller of tours. The form then goes through the gateway via AIM and voila a voucher page with a confirmation # pops up in the browser.
My question is this, I need to send this info to my vendor via email. What do i do about the credit card #'s, my vendor needs those also. Am i allowed to send that via email? Is there a feature in the gateway processor that will send a copy of the info via email to my vendor in some secured format? How does that work? I'd hate to call in every cc # to my vendors throughout the days..
Email is very unsecure. You could use PGP to secure the emails. You might even need to become CISP compliant. Do your vendors have their own websites? You might even consider seeing if you can submit the credit card number to their websites as well
Email is not only insecure because you send it insecure on your side, it's also because once the mail left your server, it will stay insecure and get forwarded and routed by the mail server insecure again. On the recipientís mail server or even the recipients desktop, the mails are stored insecurely.
PGP is therefore a very good option, because although the mails are still transferred insecurely, the actual content is encrypted.
You should be able to download a free PGP version (for "personal use") from pgp.com, or use one of the numerous other free open source versions that are compatible to the commercial one.
If your vendor takes their business seriously (and if they want to comply with the terms set out by Visa), they have to use PGP anyway. Visa doesnít allow transmission and storage of credit cards in an insecure environment, this includes emails.